凉风

**Name of the Vulnerable Software and Affected Versions** Typora version 1.6.7 **Description** A cross site scripting (XSS) issue in the Markdown Editor component allows attackers to execute arbitrary code via uploading a crafted Markdown file. **Recommendations** For Typora version 1.6.7, consider disabling the Markdown Editor component until a patch is available to prevent exploitation.